Information processing device, information recording device, information processing system, program update method, program, and integrated circuit

ABSTRACT

According to the prior art, it is difficult to ensure an update of a program when a terminal has already been hacked because in that case, there is a possibility that the reliability of the update module has been lost. A card storing secret information to be used by the terminal includes: a function to store an update program for the terminal and confirm whether or not the terminal is authentic by using information obtained from the terminal; and a function to output the secret information when the terminal is judged to be authentic and output an update program when the terminal is judged not to be authentic. With this structure, when the terminal attempts to use the secret information, the terminal is forced to update the program.

TECHNICAL FIELD

The present invention relates to a technology of updating a program surely in an information processing device which operates by the program.

BACKGROUND ART

As digital contents have become popular, unauthorized copying of contents has become a social issue. When a content processing function is achieved by a software program, the program needs to be protected from unauthorized copying which is attempted by malicious users. When a program achieving a content processing function is tampered or bugged by a malicious user, it is possible that the content in a plain text state may be extracted, or a key used to encrypt the content may be obtained from the program in an unauthorized manner and the content may be decrypted. Digital contents can be redistributed easily via the Internet. Accordingly, if a content in a plain text state is distributed in an unauthorized manner, the advantage of the right owner is greatly lost. To prevent such a matter from occurring, it is important to protect a content processing program from attacks.

However, at a release of a processing program, it is difficult to provide a safe program not having a security hole. Accordingly, it is expected that, for example, a malicious user attacks such a security hole to tamper a content processing program and copy a digital content in an unauthorized manner. After such a fact becomes apparent, the program in question needs to be updated to a new program that has taken measures against the security hole. The following technologies, as one example, are known to perform such countermeasures.

Patent Document 1 discloses a technology in which a server for supplying an update program performs a mutual authentication with an update module of a terminal, and when they recognize each other as authentic, the update program is supplied to the terminal, and a program held by the terminal is updated by the update program. Also, Patent Document 2 discloses a technology in which a card storing an update program performs a mutual authentication with an update module of a terminal, and when they recognize each other as authentic, the terminal obtains the update program from the card, and the terminal itself updates a program held by the terminal.

Patent Document 1: Japanese Patent Application Publication No. H10-198571

Patent Document 2: Japanese Patent Application Publication No. 2003-330745

DISCLOSURE OF THE INVENTION The Problems the Invention is Going to Solve

According to the above-described conventional technologies, a card or server, which is to supply the update program, performs a mutual authentication with an update module of a terminal, and when they recognize each other as authentic, the update program is supplied. The method of this mechanism depends on the reliability of the update module provided on the terminal side.

However, it is difficult with these technologies to ensure an update of the program when the terminal has already been hacked because in that case, there is a possibility that the reliability of the update module has been lost. For example, when the update module is also a software program, there is a possibility that the update module itself has been hacked. In such a case, when the update module itself has been hacked, the original update process itself may be avoided, or that a judgment on whether or not an update is necessary may be made erroneously. When this occurs, a forced software update becomes impossible.

To prevent the update module itself from being hacked, it is required that the program update system is protected by a tamper-resistant shield that is stronger than the update target program. A conventional technology discloses, for example, a tamper-resistant structure where each constituent element of the program update system is made of hardware. However, the program update system is often created to be large in scale since in many cases it is equipped with a function to perform communication with the Internet or the like. Therefore, it is practically difficult to generate a program update system that is made of hardware as a whole.

It is therefore an object of the present invention to provide an information processing system, information recording device, information processing device, program update method, computer program and integrated circuit which can update a program surely even if the program update module itself is not reliable.

Means to Solve the Problems

The above-stated object is fulfilled by an information processing system comprising an information processing device and a portable information recording device that is attachable and detachable to and from the information processing device, wherein the information processing device includes: a first storage unit storing an operation program including a plurality of computer instructions for operating the information processing device; a measuring unit operable to measure an amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of a judgment which is made by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the first storage unit in accordance with the received update program, and the information recording device includes: an information holding unit holding the secret information safely; a second storage unit storing the update program for updating the operation program; a receiving unit operable to receive the request for secret information from the information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program is authentic, using the measured amount of characteristics; and an output unit operable to output the secret information held by the information holding unit to the information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the second storage unit to the information processing device when the judging unit judges that the operation program is not authentic.

In the above-described information processing system, the information recording device may further include: an identifier storage unit storing a device identifier for identifying an information processing device that was connected with the information recording device in past; a first obtaining unit operable to obtain, from the server device via a network and the information processing device connected with the network, an update program that is associated with the device identifier stored in the identifier storage unit, and write the obtained update program to the second storage unit; an authenticity information storage unit; and a second obtaining unit operable to obtain, from the server device via the network and the information processing device connected with the network, authenticity confirmation information that is associated with the update program stored in the second storage unit and is used to confirm authenticity of the operation program, and write the obtained authenticity confirmation information to the authenticity information storage unit, wherein the judging unit judges whether or not the operation program is authentic, in accordance with the authenticity confirmation information written to the authenticity information storage unit.

EFFECTS OF THE INVENTION

With the above-described structure, the information processing device cannot obtain the desired secret information unless the information processing device updates the operation program according to the received update program. It is therefore possible to force the information processing device to update the operation program.

In this way, it is possible to update the program surely without depending on the reliability of the update module itself.

Also, it is possible to modify an unauthorized information processing device to an authorized information processing device by updating a program, without making a revoked information processing device inoperable. This makes it possible to continue to permit the use of the information processing device. In this way, it is possible to prevent the user from suffering a damage from making a revoked device inoperable.

Furthermore, with this structure, even an information processing device that cannot be connected with the Internet can update the program because the portable information recording device updates the program. This extends the scope of application to the information processing device.

The above-stated object is also fulfilled by a portable information recording device that is attachable and detachable to/from an information processing device, the information recording device comprising: an information holding unit holding secret information safely; a program storage unit storing an update program for updating an operation program including a plurality of computer instructions for operating the information processing device; a receiving unit operable to receive a request for the secret information from the information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program is authentic using an amount of characteristics of the operation program, the amount of characteristics being measured by and obtained from the information processing device; and an output unit operable to output the secret information held by the information holding unit to the information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the program storage unit to the information processing device when the judging unit judges that the operation program is not authentic.

With the above-described structure, the information processing device cannot obtain the desired secret information unless the information processing device updates the operation program according to the received update program. It is therefore possible to force the information processing device to update the operation program.

In this way, it is possible to update the program surely without depending on the reliability of the update module itself.

The above-described information recording device may further comprise an authentic information storage unit storing an authentic amount of characteristics being an amount of characteristics of an authentic operation program, wherein the judging unit judges whether or not the operation program is authentic, by comparing the authentic amount of characteristics with the measured amount of characteristics obtained from the information processing device.

With the above-described structure, the information recording device can judge whether or not the operation program stored in the information processing device is authentic, in accordance with the amount of characteristics of the operation program. If the operation program stored in the information processing device has been tampered, the authentic amount of characteristics does not match the measured amount of characteristics that is obtained from the tampered information processing device. It is accordingly possible to detect the tampering of the operation program surely.

In the above-described information recording device, the program storage unit may store one or more device identifiers for identifying one or more information processing devices that were connected with the information recording device at least in past, and stores one or more update programs for the one or more information processing devices in one-to-one correspondence with the one or more device identifiers, and the output unit outputs an update program which corresponds to a device identifier for identifying an information processing device that is an issuer of the received request.

With the above-described structure, it is possible to output an appropriate update program to each information processing device.

In the above-described information recording device, the receiving unit may further receive, together with the request, a device identifier for identifying the information processing device that is the issuer of the received request, the program storage unit stores one or more device identifiers for identifying one or more information processing devices that issued the request in past, and stores one or more update programs for the one or more information processing devices in one-to-one correspondence with the one or more device identifiers, and the output unit outputs an update program for an information processing device identified by the device identifier received together with the request.

With the above-described structure, even when the information recording device is shared by a plurality of information processing devices, it is possible to output an appropriate update program to each information processing device.

In the above-described information recording device, when the request is received from another information processing device, the program storage unit may further store additionally a device identifier for identifying said another information processing device.

With the above-described structure, the information recording device can manage update programs with respect to all information processing devices from which the access request was received at least once in past.

The above-described information recording device may further comprise: a transmitting unit operable to transmit a device identifier stored in the program storage unit, to a server device that provides the update program; and an obtaining unit operable to obtain, from the server device, an update program for an information processing device identified by the transmitted device identifier, wherein the program storage device stores the obtained update program in association with the device identifier.

With the above-described structure, when the update program has been upgraded with respect to an information processing device managed by the information recording device itself, the information recording device can obtain and record the upgraded update program onto the device itself.

The above-stated object is also fulfilled by an information processing device to which a portable information recording device is attached, the information processing device comprising: a first storage unit storing an operation program including a plurality of computer instructions for operating the information processing device; a measuring unit operable to measure an amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of a judgment made by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the first storage unit in accordance with the received update program.

With the above-described structure, the information processing device cannot obtain the desired secret information unless the information processing device updates the operation program according to the received update program. It is therefore possible to force the information processing device to update the operation program.

In the above-described information processing device, the measuring unit may be protected by means of a tamper resistant structure thereof.

With the above-described structure, it is possible to prevent the characteristic information from being tampered by an unauthorized analyzer. Accordingly, when a program that operates the information processing device is an unauthorized one, it is possible to update the program in a more ensured manner. Also, protecting merely the characteristic information calculating unit is enough to prevent the above-mentioned unauthorized action. Accordingly, this makes it possible to forcibly update the program at a lower cost than the case where the whole device is made tamper-resistant.

The above-stated object is also fulfilled by an information processing system comprising: a server device; a first information processing device that is connectable with the server device via a network; a second information processing device not having a function to connect with the server device via a network; and a portable information recording device that is attachable and detachable to/from each information processing device, wherein the second information processing device has been revoked, the server device stores an update program for updating an operation program for operating the second information processing device, the information recording device is attached to the first information processing device, the first information processing device obtains the update program from the server device via the network and outputs the obtained update program to the information recording device, the information recording device is attached to the second information processing device, the information recording device includes: an information holding unit holding secret information safely; a first storage unit receiving the update program from the first information processing device and storing the received update program; a receiving unit operable to receive a request for the secret information from the second information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program stored in the second information processing device is authentic, using an amount of characteristics measured by the second information processing device; and an output unit operable to output the secret information held by the information holding unit to the second information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the first storage unit to the second information processing device when the judging unit judges that the operation program is not authentic, and the second information processing device includes: a second storage unit storing the operation program including a plurality of computer instructions for operating the second information processing device; a measuring unit operable to measure the amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for the secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of the judgment made by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the second storage unit in accordance with the received update program.

With the above-described structure, even an information processing device that cannot be connected with a network can update the program. This extends the scope of application to the information processing device.

Further, the present invention can be achieved as an information processing system, program update method, program, or integrated circuit that includes the above-described features of the information recording device and the inf ormation processing device, producing the same advantageous effects.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a block diagram showing the structure of the content distribution system in Embodiment 1 of the present invention.

FIG. 2 is a block diagram showing the hardware structure of the terminal A in Embodiment 1 of the present invention.

FIG. 3 is a flowchart showing the operation of the right purchase control program in Embodiment 1 of the present invention.

FIG. 4 is a flowchart showing the operation of the playback control program in Embodiment 1 of the present invention.

FIG. 5 is a flowchart showing the operation of the PCR extend command process in Embodiment 1 of the present invention.

FIG. 6 is a flowchart showing the operation when the terminal is booted in Embodiment 1 of the present invention.

FIG. 7 is a block diagram showing the hardware structure of the terminal N in Embodiment 1 of the present invention.

FIG. 8 is a block diagram showing the hardware structure of the card in Embodiment 1 of the present invention.

FIG. 9 is a flowchart showing the operation of the right purchase program in Embodiment 1 of the present invention.

FIG. 10 is a flowchart showing the operation of the right confirmation/key generation program in Embodiment 1 of the present invention.

FIG. 11 is a flowchart showing the overall operation of the content distribution system in Embodiment 1 of the present invention.

FIG. 12 is a block diagram showing the structure of the server in Embodiment 1 of the present invention.

FIG. 13 is a block diagram showing the structure of the CRL database provided in the server in Embodiment 1 of the present invention.

FIG. 14 is a block diagram showing the structure of the CRL database provided in the card in Embodiment 1 of the present invention.

FIG. 15 is a flowchart showing the overall operation of the content distribution system in Embodiment 1 of the present invention.

DESCRIPTION OF CHARACTERS

-   0100 content distribution system -   0101 server -   0102 terminal A -   0103 terminal B -   0104 terminal M -   0105 terminal N -   0106 terminal Z -   0107 card -   0108 Internet -   0201 processor -   0202 RAM -   0203 boot code -   0204 card interface -   0205 communication unit -   0206 content storage unit -   0207 secure module -   0208 program storage unit -   0209 operating system -   0210 right purchase control program -   0211 playback control program -   0212 program certificate -   0213 bus -   0701 processor -   0702 RAM -   0703 boot code -   0704 card interface -   0706 content storage unit -   0707 secure module -   0708 program storage unit -   0709 operating system -   0711 playback control program -   0712 program certificate -   0713 bus -   0801 processor -   0802 RAM -   0803 boot code -   0804 terminal interface -   0805 CRL database -   0807 content storage unit -   0808 program storage unit -   0809 operating system -   0810 right purchase program -   0811 right confirmation/key generation program -   0813 bus -   1201 communication unit -   1202 CRL database -   1203 CRL management unit -   1204 right management unit

BEST MODE FOR CARRYING OUT THE INVENTION

In the following, an embodiment of the present invention will be described with reference to the attached drawings.

FIG. 1 shows the structure of a content distribution system 0100. The content distribution system 0100 is composed of a server 0101, a terminal A 0102, a terminal B 0103, . . . a terminal M 0104, a terminal N 0105, . . . a terminal Z 0106, and a card 0107. The server 0101 is connected with the terminal A 0102, the terminal B 0103, and the terminal M 0104 via the Internet 0108. The terminal N 0105 and the terminal Z 0106 do not have means for directly performing communication with the server 0101. The terminal A 0102, the terminal B 0103, . . . the terminal M 0104, and the terminal N 0105, . . . the terminal Z each have a card interface, and can transfer data among them via the card 0107.

Note that, although FIG. 1 shows only the terminal A 0102, the terminal B 0103, and the terminal M 0104 as terminals that are connected with the server 0101, one or more terminals having the same structure as, for example, the terminal A 0102 may further exist in the content distribution system 0100. Alternatively, the number of such terminals existing in the content distribution system 0100 may be smaller than the number of terminals shown in FIG. 1. Hereinafter, description of the structure of the terminal B 0103 and the terminal M 0104 is omitted, except for the cases where it is necessary, since they have the same structure as the terminal A 0102. Also, although FIG. 1 shows only the terminal N 0105 and the terminal Z 0106 as terminals that are not connected with the server 0101, one or more terminals having the same structure as the terminal N 0105 or the terminal Z 0106 may further exist in the content distribution system 0100. Alternatively, the number of such terminals existing in the content distribution system 0100 may be smaller than the number of terminals shown in FIG. 1. Hereinafter, description of the structure of the terminal Z 0106 is omitted, except for the cases where it is necessary, since it has the same structure as the terminal N 0105.

The terminal A 0102 has a function to perform communication with the server 0101 via the Internet 0108 and download a content such as music or a movie therefrom, and a function to play back the downloaded content. Note that the contents are protected by copyright and are downloaded to the terminal A 0102 in an encrypted state.

The card 0107 performs communication with the server 0101 via the terminal A 0102 and the Internet 0108, obtains a key used to encrypt a content, and upon request from the terminal A 0102, gives the key to the terminal A 0102. Here, the card 0107 is structured to output the key only' after it confirms that the terminal A 0102 is an authentic terminal. More specifically, the card 0107 gives the key to the terminal A 0102 only after it confirms through a mutual authentication that the terminal A 0102 is an authentic terminal.

FIG. 2 shows the structure of the terminal A 0102. Note that the terminal B 0103 and the terminal M 0104 have the same structure as the terminal A 0102. The terminal A 0102 is composed of a processor 0201, a RAM 0202, a boot code 0203, a card interface 0204, a communication unit 0205, a content storage unit 0206, a secure module 0207, and a program storage unit 0208. These units are connected with each other via a bus 0213. The program storage unit 0208 stores an operating system 0209, a right purchase control program 0210, a playback control program 0211, a program certificate 0212.

The processor 0201 executes the boot code 0203 and the programs having been loaded in the RAM 0202, and performs various processes for the terminal A 0102.

The RAM 0202 holds a program that is loaded thereto for execution by the processor 0201. The program to be loaded thereto is stored in the program storage unit 0208.

The boot code 0203 includes one or more codes (boot codes) that are to be executed first by the processor 0201 after the terminal A 0102 is reset. The boot code 0203 expands the operating system 0209 stored in the program storage unit 0208, into the RAM 0202.

The card interface 0204 is an interface which connects the card 0107 with the terminal A 0102. A program that runs in the processor 0201 can perform communication with the card 0107 by performing communication with the card interface 0204. A program that runs in the terminal A 0102 always uses the card interface 0204 to perform communication with the card 0107. In the following description, description of the card interface 0204 will be omitted when a communication between the card 0107 and the program running in the terminal A 0102 is described.

The communication unit 0205 is an interface which connects the Internet 0108 with the terminal A 0102. A program that runs in the processor 0201 can perform communication with the server 0101 via the Internet 0108 by performing communication with the communication unit 0205.

The content storage unit 0206 stores contents that are downloaded from the server 0101 by the terminal A 0102.

The secure module 0207 is a device that has the same function as the TPM (Trusted Platform Module) standardized by the TCG (Trusted Computing Group). For detailed specifications of the TPM, see the homepage of the TCG <URL: http://www.trustedcomputinggroup.org>.

The secure module 0207 includes a register called PCR (Platform Configuration Register). The register stores a value that is dependent on the software structure of the terminal A 0102. The secure module 0207 provides a command for updating the PCR. When the command is executed, a current PCR value and the argument of the command are concatenated, a one-way function is applied to a value obtained by the concatenation, and the PCR is updated in accordance with the result of the function application. Hereinafter, the command is referred to as a PCR extend command.

The secure module 0207 can provide a service of attaching a signature to a PCR value using a private key that is held within the secure module 0207 in a state protected from being taken out outside. This service is called “attestation”. For example, a program running in the terminal A 0102 may obtain a current PCR value to which a signature has been attached with use of the attestation service provided by the secure module 0207, and transmit the obtained value to the server 0101. In this case, the server 0101 can confirm whether or not the value received therefrom is a PCR value generated by the secure module 0207, by performing signature verification using the public key of the secure module 0207 obtained from an authentication authority. Note that the secure module 0207 has been made tamper-resistant so that the PCR extend process and the attestation process, which are performed in the secure module 0207, cannot be altered in an unauthorized manner.

The program storage unit 0208 stores programs that run in the terminal A 0102, and stores the operating system 0209, the right purchase control program 0210, the playback control program 0211, and the program certificate 0212.

The operating system 0209 is infrastructure software of the terminal A 0102, and provides services to applications that operate on the operating system 0209. The operating system 0209 loads applications stored in the program storage unit 0208 onto the RAM 0202.

Next, processes performed by the programs will be described.

FIG. 3 shows an operational flow of the right purchase control program 0210. The right purchase control program 0210 is an application that operates on the operating system 0209. The right purchase control program 0210 performs a process of requesting the card 0107 to obtain a right of a content that is provided from the server 0101. The right purchase control program 0210 also downloads the content. The following will describe the process in detail.

The right purchase control program 0210, after being loaded by the operating system 0209 and obtaining the right for control, first obtains a list of purchasable contents from the server 0101. The list includes information for identifying the contents, such as content IDs, content titles, or content summaries. Next, the right purchase control program 0210 presents the list to the user of the terminal A 0102, causes the user to select a content to purchase, and transmits a content purchase request to the card 0107 via the card interface 0204, where the content purchase request including a content ID of the selected content, and a terminal ID identifying a terminal (in this example, the terminal A 0102) by which the content is purchased (step S0301).

Next, the right purchase control program 0210 transmits the content ID of the content requested to the card 0107 to purchase, to the server 0101, downloads the requested content from the server 0101, and stores the downloaded content into the content storage unit 0206. Here, since the downloaded content has been encrypted, the copyright is protected even if the content is copied in an unauthorized manner from the content storage unit (step S0302).

Note that the terminal A 0102 may purchase a content for a terminal, such as the terminal N 0105, that is not connected with the Internet 0108. In this case, the terminal ID to be included in the content purchase request is the terminal ID of the terminal, such as the terminal N 0105, that is not connected with the Internet 0108. In addition to this, an additional step is performed, after step S0302, to transfer the content to the card 0107 so that the content is transferred to the terminal N 0105.

FIG. 4 shows an operational flow of the playback control program 0211. The playback control program 0211 is an application that operates on the operating system 0209. The playback control program 0211 obtains a key used to encrypt a content, from the card 0107, decrypts the content using the key, and plays back the decrypted content. Also, upon receiving a request to updated a program in the terminal A 0102, from the card, the playback control program 0211 updates the program stored in the program storage unit 0208. The following will describe in detail the process performed by the playback control program 0211.

The playback control program 0211, after being loaded by the operating system 0209 and obtaining the right for control, first obtains a list of contents stored in the content storage unit 0206, and generates a list of playable contents by asking and referring to information provided by the card 0107. The card 0107 stores keys respectively used to encrypt contents stored therein, and stores content IDs that correspond to the keys. The playback control program 0211 obtains a list of the content IDs stored in the card 0107, and then generates the list of playable contents by comparing the list with a list of the content IDs of contents stored in the content storage unit 0206. The generated list is, for example, a list of contents whose corresponding keys are stored in the card (step S0401).

Note that the playback control program 0211 may also obtain the list of content IDs stored in the card 0107, from the card 0107, and add it to the list of playable contents. The additional list is generated in the same procedure as that in which the list of playable contents for the contents stored in the terminal A 0102 is generated. The list including this additional list becomes a list of contents corresponding to keys that exist in the terminal including the card, and becomes a list of contents (regardless of whether they are stored in the content storage unit 0206) that can be played back by the terminal.

The playback control program 0211 presents the list of playable contents generated in step S0401, to the user of the terminal A 0102, causes the user to select a content to play back, and obtains a content ID of the selected content. The playback control program 0211 transmits key output request information including the content ID to the card 0107, thereby requesting to output a key used to encrypt the selected content (step S0402). The key output request information includes a content ID, a terminal ID, a program certificate, and a current PCR value to which a signature has been attached. Here, the current PCR value with signature attached has been obtained by the playback control program 0211 using the attestation service by the secure module, and the PCR value is a value that is dependent on the software that is currently operating in the terminal.

Next, the playback control program 0211 asks the card 0107 whether the card 0107 has output the requested key (step S0403). When the requested key has been output (YES in step S0403), the playback control program 0211 performs the content decryption process using the key (step S0404). When the requested key has not been output (NO in step S0403), the playback control program 0211 confirms whether or not a program update request has been made by the card 0107 (step S0406). Note that the program update request is a request to update a program, the request being issued by the card 0107 before outputting the key when the card 0107 judges that a security hole or the like has been detected in a program that is to process the content in concern.

When the requested key has been output (YES in step S0403), the playback control program 0211 obtains the key from the card 0107, obtains the content to be played back from the content storage unit 0206 or the card 0107, and decrypts the content (step S0404).

After the decryption, the playback control program 0211 plays back the decrypted content (step S0405). The playback control program 0211 performs a playback in accordance with the type of the decrypted content. The succeeding playback procedure is based on a general playback method, and description thereof is omitted.

When the requested key has not been output (NO in step S0403), the playback control program 0211 confirms whether or not a program update request has been made. When it is confirmed that a program update request has been made (YES in step S0406), the playback control program 0211 obtains an update program and an authentic PCR value that will be described later, and updates the program stored in the program storage unit 0208 and the program certificate 0212 that will be described later (step S0407). Note that the update target program and the program certificate 0212 of the update target program are obtained from the server 0101 and updated. After this, the playback control program 0211 transmits a system reset request to the operating system 0209 to reboot the terminal A 0102 (step S0408).

When it is confirmed that a program update request has not been made (NO in step S0406), the playback control program 0211 ends the process.

Up to now, the process performed by the playback control program 0211 has been explained. In the following, the description of the information stored in the program storage unit 0208 will be resumed.

The program certificate 0212 is data that is generated by attaching a signature to a PCR value held by the secure module 0207, using a private key that is known only to the maker of the terminal A 0102. The PCR value to which the signature is to be attached is a PCR value that is obtained after the terminal A 0102 is booted and the operating system 0209 and various types of applications are loaded. Before attaching the signature, the maker confirms whether or not the operating system 0209 and the various types of applications satisfy the implementation conditions defined in various copyright protection standards. Here, the terminal A 0102 cannot generate the program certificate 0212 since the private key to be used for the signature has not been loaded in the terminal A 0102. The program certificate 0212 is generated in a factory of the maker, for example.

To cause the PCR value to depend on the software structure of the terminal A 0102, the PCR value is updated by executing a PCR extend command, using, as an argument, a hash value of a program loaded in the terminal A 0102. It is possible to cause the PCR value always to depend on the software structure of the terminal A 0102, in the following way: whenever a program is loaded, a hash value of the load target program is calculated, and the PCR is updated by the PCR extend command using the calculated hash value.

FIG. 5 shows a flow of a process for updating the PCR in the secure module 0207 such that the PCR stores a value that depends on the software structure of the terminal A 0102. This process is included in common in the operations of the boot code 0203 and the operating system 0209, where the boot code 0203 loads the operating system 0209, and the operating system 0209 loads the various types of application programs. This is because the boot code 0203 changes the software structure of the terminal A 0102 by reading the operating system 0209, and the operating system 0209 changes the software structure of the terminal A 0102 by reading the application programs.

In the following explanation, a program calling another program is referred to as a loader program (for example, the boot code 0203 when loading the operating system 0209, and the operating system 0209 when loading the various types of application programs), and a program called by another program is referred to as a load-target program (for example, the operating system 0209 when being loaded by the boot code 0203, and the various types of application programs when being loaded by the operating system 0209).

The loader program first calculates a hash value of a load-target program by a hash function algorithm (step S0501). Next, the loader program executes a PCR extend command using the hash value as an argument, and updates the value of PCR in the secure module 0207 (step S0502). After the PCR update process is completed (step S0502), the loader program expands the load-target program into the RAM 0202 (step S0503). Lastly, the loader program branches to a program that was loaded into the RAM 0202 (step S0504).

The terminal A 0102, after it is powered or reset, namely, after it is booted, loads the operating system 0209 and the various types of applications into the RAM 0202. The terminal A 0102, when loading a program, updates the PCR as explained with reference to FIG. 5.

FIG. 6 is a flowchart showing the operation when the terminal A 0102 is booted.

After the terminal A 0102 is powered or reset, the processor 0201 executes the boot code 0203 (step S0601). The boot code 0203 performs the initial settings of the hardware constituting the terminal A 0102, then calculates a hash value of the boot code 0203 itself, and updates the PCR of the secure module 0207 using the hash value as an argument of the PCR extend command. It is presumed here that the PCR of the secure module 0207 has been initialized after the terminal is powered or reset.

Next, the boot code 0203 loads the operating system 0209 into the RAM 0202. The boot code 0203, when it loads the operating system 0209 into the RAM 0202, calculates a hash value of the operating system 0209, and updates the PCR of the secure module 0207, in the procedure shown in FIG. 5. After this, the processor 0201 executes the operating system 0209 and initializes the operating system 0209.

The operating system 0209 then loads the various types of applications (step S0603). The operating system 0209, when it loads the various types of applications, calculates a hash value of each application, and updates the PCR of the secure module 0207, in, the procedure shown in FIG. 5. After this, the terminal A 0102 waits for an input from the user, and executes an application program in accordance with the input (S0604).

As described above, the terminal A 0102, after it is powered or reset, continues to update the PCR in the secure module 0207 by the PCR extend command, using hash values of the programs such as the boot code 0203 that run on the terminal A 0102. After this, the PCR in the secure module 0207 has a value that depends on the programs that run on the terminal A 0102.

Up to now, the structure of the terminal A 0102 has been explained. Next, the structure of the terminal N 0105 will be explained.

FIG. 7 shows the structure of the terminal N 0105. Note that the terminal Z 0106 has the same structure as the terminal N 0105. The terminal N 0105 is composed of a processor 0701, a RAM 0702, a boot code 0703, a card interface 0704, a content storage unit 0706, a secure module 0707, and a program storage unit 0708. These units are connected with each other via a bus 0713. The program storage unit 0708 stores an operating system 0709, a playback control program 0711, and a program certificate 0712.

These constituent elements have the same functions as those of the terminal A 0102 shown in FIG. 2, and description thereof is omitted. Note that the terminal N 0105 does not have constituent elements that correspond to the communication unit 0205 and the right purchase control program 0210 of the terminal A 0102.

This completes description of the structure of the terminal N 0105. The following will describe the structure of the server 0101.

FIG. 12 shows the structure of the server 0101. The server 0101 is composed of a communication unit 1201, a CRL database 1202, a CRL management unit 1203, and a right management unit 1204. The CRL database 1202 is connected with the CRL management unit 1203. Also, the CRL management unit 1203 and the right management unit 1204 are connected with the communication unit 1201.

The communication unit 1201 is connected with the Internet 0108, and performs communication with the terminal A 0102, the terminal B 0103 and the terminal M 0104. The CRL management unit 1203 and the right management unit 1204 perform communication, via the communication unit 1201, with the terminal A 0102, the terminal B 0103 and the terminal M 0104, and with the card 0107 when it is connected with the terminal A 0102 or the like.

The CRL database 1202 stores (i) a terminal ID of a revoked terminal, (ii) an update program generated after a cause of the revoking is removed, and (iii) a PCR value when the update program is run on the terminal. Note that in general, a revoked terminal may also indicate a terminal that has a defect from which the terminal cannot recover even if an update program is applied. For example, the revoked terminal may be a terminal of a malicious user that has been identified and revoked. However, in the present embodiment, a revoking target is presumed to be a terminal having a defect from which the terminal can recover by updating the program. More specifically, in the present embodiment, a terminal that has continued to use an old software program having a security hole is recorded in the CRL database as a revoking target, for example.

FIG. 13 shows the structure of the CRL database 1202. The CRL database 1202 includes a CRL entry T1301, a CRL entry T1302, a CRL entry T1303, . . . . Each CRL entry has areas for storing a terminal ID, an update program, and an authentic PCR value. The CRL database 1202 is composed of information of a revoked terminal.

The terminal ID area stores the ID of a revoked terminal. The update program area stores an update program for the revoked terminal. When the cause of the revoking exists in the software, an update program may be applied to the terminal so that the terminal can continue to operate. Specific examples of such cases are when it is detected that the software was hacked, and when a security hole is detected in the software. The authentic PCR value area stores a PCR value of when the terminal normally operates after being updated using the update program stored in the update program area. It is possible to check, using the authentic PCR value, whether or not the terminal side has updated the program correctly.

The CRL management unit 1203 performs a mutual authentication with the card 0107 via the communication unit 1201 and the terminal A 0102 to confirm that the card is authentic, then provides the CRL information via the communication unit 1201. More specifically, the CRL management unit 1203 checks whether or not the terminal ID sent from the card 0107 exists in the CRL database 1202, and when it exists, the CRL management unit 1203 provides the card 0107 with an update program of a corresponding entry and the authentic PCR value.

The right management unit 1204 manages the right information of the content, performs charging process upon request from the terminal, and provides the right information of the content. The right management unit 1204 performs charging process and provides the right information after it confirms that the card 0107 is an authentic card by performing a mutual authentication with the card 0107. The right management unit 1204 is connected with the Internet 0108 via the communication unit 1201.

This completes the explanation of the structure of the server 0101. The following will describe the structure of the card 0107.

FIG. 8 shows the structure of the card 0107. The card 0107 is composed of a processor 0801, a RAM 0802, a boot code 0803, a terminal interface 0804, CRL database 0805, a content storage unit 0807, and a program storage unit 0808. These constituent elements are connected with each other via a bus 0813. The card 0107 is tamper-resistant so that programs and data in the card cannot be exposed easily.

The processor 0801 executes the boot code 0803 and a program having been loaded into the RAM 0802, and performs various processes for the card 0107.

The RAM 0802 holds a program that is loaded thereto for execution by the processor 0801. The program to be loaded thereto is stored in the program storage unit 0808.

The boot code 0803 includes one or more codes (boot codes) that are to be executed first by the processor 0801 after the card 0107 is reset. The boot code 0803 expands the operating system 0809 stored in the program storage unit 0808, into the RAM 0802. Note that the card 0107 is reset when the terminal is powered.

The terminal interface 0804 is an interface which connects the card 0107 with the terminal. A program that runs in the processor 0801 can perform communication with the terminal by performing communication with the terminal interface 0804. A program that runs in the card 0107 always uses the terminal interface 0804 to perform communication with the terminal. In the following description, the terminal interface 0804 will be omitted in the description of a communication between the terminal and the program running in the card 0107.

FIG. 14 shows the structure of the CRL database 0805. The CRL database 0805 includes a CRL entry T1401, a CRL entry T1402, a CRL entry T1403, . . . . Each CRL entry has areas for storing a terminal ID, an update program, and an authentic PCR value.

The terminal ID area stores the ID of a terminal obtained by the card 0107. Note that “ID_A”, “ID_B”, and “ID_N” written in the terminal ID area are respectively the terminal IDs of a terminal A 102, a terminal B 103, and a terminal N 105. When there is a revoked terminal, the update program area stores an update program for the revoked terminal in the entry including the terminal ID thereof. The authentic PCR value area stores a PCR value of when the terminal normally operates after being updated using the update program stored in the update program area. Note that the T1403 includes “NULL” in the update program area, and “current PCR” in the authentic PCR value area. This indicates that the terminal is in the state after the card 0107 has received the key output request information, but has not obtained the update program. A terminal may be in such a state, for example, immediately after the card 0107 is inserted into the terminal N 0105 for the first time and receives the key output request information.

The content storage unit 0807 stores an encrypted content and the right on the content. The content is downloaded by a terminal, such as the terminal A 0102, that can be connected with the server 0101, and is stored into the content storage unit 0807. The content storage unit 0807 is used to provide a content to a terminal, such as the terminal N 0105, that cannot access the server 0101 via the Internet 0108. Also, the right on the content is obtained by the right purchase program 0810 from the server 0101, and is stored into the content storage unit 0807.

The right on the content stored in the content storage unit 0807 cannot be directly accessed from outside the card 0107, but is implemented so that it can be accessed only by a right confirmation/key generation program 0811 which will be described later. More specifically, such an implementation can be achieved by encrypting it such that it can be decrypted only by the right confirmation/key generation program 0811.

The program storage unit 0808 stores an operating system 0809, a right purchase program 0810, and the right confirmation/key generation program 0811.

The operating system 0809 is infrastructure software of the card 0107, and provides services to applications that operate on the operating system 0809. The operating system 0809 loads applications stored in the program storage unit 0808 onto the RAM 0202.

The right purchase program 0810 performs communication with the server 0101 using the communication function of the terminal, based on the content purchase request received from the right purchase control program 0210 of the terminal, and performs purchase of the right and update of the CRL database 0805 of the card 0107. Note that, as described earlier with regards to the terminal A 0102, the content purchase request includes a content ID of the purchase target content, and a terminal ID identifying a terminal by which the content is purchased.

FIG. 9 is a flowchart showing the operation of the right purchase program 0810. The right purchase program 0810 obtains the terminal ID contained in the content purchase request, and stores it into the CRL database 0805 (step S0901). The right purchase program 0810 operates the CRL database 0805 to create a CRL entry, and stores the obtained terminal ID into the terminal ID area thereof. The right purchase program 0810 does not create the CRL entry when there is a CRL entry in which a terminal ID having already been obtained is stored in the terminal ID area.

The right purchase program 0810 performs a mutual authentication with the server 0101, and performs the content purchase process and obtains the right on the content (step S0902). The obtained right on the content is safely stored in the content storage unit 0807. The right on the content stores a content use condition and a key used to encrypt the content, where the content use condition is, for example, a use deadline of the content, or the number of times the content is permitted to be used. The right on the content is stored in the content storage unit 0807 in an encrypted state.

Next, the right purchase program 0810 asks the server 0101 and updates the CRL database 0805 (step S0903). Here, the right purchase program 0810 transmits, to the server 0101, all terminal IDs that are stored in the CRL entries in the CRL database 0805. The CRL management unit 1203 of the server 0101 checks whether or not the received terminal IDs are stored in the CRL database 1202. When a corresponding terminal ID exists, the CRL management unit 1203 transmits, to the right purchase program 0810, the update program and authentic PCR value that are stored in the CRL entry in which the corresponding terminal ID is stored. The right purchase program 0810 stores the received update program and authentic PCR value into a CRL entry that contains the corresponding terminal ID, in the CRL database 0805.

FIG. 10 is a flowchart showing the operation of the right confirmation/key generation program 0811.

The right confirmation/key generation program 0811 checks whether or not the terminal has been revoked. When the terminal has not been revoked, the right confirmation/key generation program 0811 checks the content use condition to see whether or not it is in a playable state, and when it judges affirmatively, it outputs the encryption key of the content to the terminal. When the terminal has been revoked, the right confirmation/key generation program 0811 outputs the update program to the terminal.

The right confirmation/key generation program 0811 obtains the terminal ID included in the key output request information, and stores it into the CRL database 0805 (step S1001). The right confirmation/key generation program 0811 creates a CRL entry in the CRL database 0805 by operating the CRL database 0805, and stores the obtained terminal ID into the terminal ID area of the created CRL entry. The right confirmation/key generation program 0811 does not create a CRL entry when the CRL database 0805 already has a CRL entry including the obtained terminal ID in the terminal ID area thereof. The right purchase program 0810 has a function to perform a similar process. However, this step is used to obtain a terminal ID with a terminal such as the terminal N 0105 that is not connected with the Internet 0108. This is because terminals such as the terminal N 0105 have no chance to execute the right purchase program 0810. Note that it is expected that a terminal such as the terminal N 0105 plays back a content that has been purchased preliminarily by a terminal such as the terminal A 0102 that is connected with the Internet 0108, using the card 0107.

The right confirmation/key generation program 0811 performs a verification of a signature attached to a PCR value by the attestation service included in the key output request information (step S1002). When it is judged that the PCR value is not authentic as a result of the signature verification (NG in step S1002), the right confirmation/key generation program 0811 ends the process.

When it is judged that the PCR value is authentic as a result of the signature verification (OK in step S1002), the right confirmation/key generation program 0811 performs authentication of a terminal using the PCR value (step S1003). In this step, the right confirmation/key generation program 0811 refers to the CRL database 0805 and compares the PCR value obtained from the terminal with an authentic PCR value in a CRL entry that has a terminal ID identical with the terminal ID included in the key output request information. When the comparison result is OK (OK in step S1003), the control moves to the right confirmation process. When the comparison result is NG (NG in step S1003), the control moves to the program update process. Note that here, when the comparison result is OK, it indicates that the PCR value matches the authentic PCR value; and when the comparison result is NG, it indicates that the PCR value does not match the authentic PCR value.

Note that when there is no authentic PCR value in a CRL entry having a terminal ID identical with the terminal ID included in the key output request information, the right confirmation/key generation program 0811 confirms the authenticity of the terminal by using the PCR value included in the program certificate in the key output request information instead of using the authentic PCR value. When the comparison result is OK (OK in step S1003), the control moves to the right confirmation process. When the comparison result is NG (NG in step S1003), the control moves to the program update process.

Here, the right confirmation/key generation program 0811 stores the PCR value included in the program certificate in the key output request information into the CRL entry only when the authentic PCR value has not been obtained from the server. The right confirmation/key generation program 0811 uses the stored PCR value when it authenticate the terminal later. The maker, at the time of shipping, attaches a signature to the program certificate that includes a PCR value indicating the software configuration of the device. Therefore, substantially, the card 0107 can verify merely whether or not the terminal has the software configuration at the time of shipping. However, as will be described, in the present embodiment, the right purchase process checks with respect to each of the terminal IDs stored in the CRL entries, whether or not an update program exists. When it is judged that an update program exists, the update program and an authentic PCR corresponding to the update program are stored in a CRL entry in the card 0107. Accordingly, once a terminal ID is stored in a CRL entry and the right purchase process is performed, the verification on the authenticity of the terminal, using the authentic PCR value, functions completely. The terminal user must execute the right purchase process when he/she desires to continue to receive the content distribution service. Thus it is difficult for the user to avoid the operation for obtaining the authentic PCR value.

When it is judged that the terminal is authentic (OK in step S1003), the right confirmation/key generation program 0811 obtains, from the content storage unit 0807, the right information for the content that has the content ID contained in the key output request information, and checks the use condition (step S1004). When the check result is negative, (NG in step S1004), the right confirmation/key generation program 0811 ends the process.

When the check result is affirmative (OK in step S1004), the right confirmation/key generation program 0811 outputs, to the terminal, the content encryption key included in the right information of the content, and ends the process of the right confirmation/key generation program (step S1005).

When it is judged that the terminal is not authentic (NG in step S1003), the right confirmation/key generation program 0811 refers to the CRL database 0805 and checks whether or not an update program exists in the update program area in a CRL entry having the terminal ID included in the key output request (step S1006). When it is judged that an update program does not exist (NG in step S1006), the right confirmation/key generation program 0811 ends the process.

When it is judged that an update program exists (OK in step S1006), the right confirmation/key generation program 0811 outputs the update program and the authentic PCR value (step S1007). Here, the update program and the authentic PCR value are those included in a CRL entry having the terminal ID included in the key output request information stored in the CRL database 0805.

Next, the operation of the content distribution system 0100 will be described.

First, the operation of terminals (the terminal A 0102, the terminal B 0103, and the terminal M 0104) connected with the server 0101 via the Internet 0108 will be described. In the following description, the terminal A 0102 is used as an example. Note that the terminal B 0103 and the terminal M 0104 operate in the same manner as the terminal A 0102 described in the following since they have the same structure as the terminal A 0102.

FIG. 11 is a flowchart showing the operation of the content distribution system 0100 when the user of the terminal A 0102 purchases the right from the server 0101 using the card 0107 and plays back a content obtained from the server 0101 on the terminal A 0102. It is presumed here that the terminal A 0102 has been revoked and that a CRL entry including the terminal ID of the terminal A 0102 exists in the CRL database 1202 of the server 0101. It is also presumed that the update program and the authentic PCR value corresponding thereto are stored in the corresponding CRL entry in the CRL database 1202. The following will describe the operation of the content distribution system 0100 with reference to the flowchart shown in FIG. 11.

The terminal A 0102 performs the terminal boot process in accordance with the terminal boot flow shown in FIG. 6 (step S1101). As a result of this, the PCR in the secure module 0207 of the terminal A 0102 has a value that depends on the programs running on the terminal A 0102. The card 0107 loads the operating system 0809 onto the RAM 0802 using the boot code 0803. After this, the operating system 0809 activates the various applications, so that the card 0107 enters the state in which it is usable.

Next, the terminal A 0102 runs the right purchase control program 0210 to perform the right purchase process by using the card 0107, as shown in FIG. 3 (step S1102). The card 0107 performs the right purchase process by running the right purchase program, as shown in FIG. 9.

Since the terminal A 0102 has been revoked, the right purchase program 0810 stores an update program for the terminal A 0102 and a corresponding authentic PCR value from the server 0101 into the CRL database 0805 (step S1103).

Next, the terminal A 0102 runs the playback control program 0211 to play back the content, as shown in FIG. 4 (step S1102). When the playback control program 0211 requests the card 0107 to output the key, the right confirmation/key generation program 0811 runs as shown in FIG. 10. Here, the right confirmation/key generation program 0811 outputs the update program and the authentic PCR value to the terminal A 0102 since a CRL entry including the terminal ID of the terminal A 0102 exists in the CRL database 0805 and the update program and the authentic PCR value exist. The playback control program 0211 stores the received update program and authentic PCR value into the program storage unit 0208, and reboots the terminal A 0102 (step S1104). After this, the terminal A 0102 is booted in the same manner as in step S1101.

Next, the terminal A 0102 runs the playback control program 0211 so that it requests the card 0107 again to output the key. Upon receiving this request, the right confirmation/key generation program 0811 of the card 0107 performs authentication of the terminal in step S1003 of the process thereof (step S1105). When the program has been updated correctly (OK in step S1105), the PCR value obtained from the secure module 0207 of the terminal A 0102 matches the PCR value stored in the CRL database 0805 of the card 0107, and the authenticity of the terminal A 0102 is confirmed, and the key is output.

On the other hand, when the program has not been updated because the playback control program 0211 of the terminal A 0102 for performing the program update process had been tampered by a malicious party (NG in step S1105), the PCR value obtained from the secure module 0207 of the terminal A 0102 does not match the PCR value stored in the CRL database 0805 of the card 0107, and the terminal A 0102 is judged as not authentic, and the process for the terminal A 0102 ends.

When the program has been updated correctly (OK in step S1105), the encryption key for the content is output from the card 0107 (step S1106).

After the key is output, the playback control program 0211 extracts an encrypted content from the content storage unit 0206, decrypts the content using a key, and plays back the decrypted content (step S1107).

In the above-described structure, a content encryption key is not output unless it is confirmed, using the PCR value, that the program has been updated correctly. Accordingly, when the program has not been updated correctly, the check on the authenticity of the terminal results in an NG, and the content encryption key is not output to the terminal. Therefore, to play back the content correctly, it is necessary to update the program. Also, even when the updated program is tempered with, the check on the authenticity of the terminal results in an NG, and the content cannot be played back. Accordingly, with the above-described structure, it is possible to protect the copyright of the content appropriately.

Furthermore, the present invention enables the program to be updated forcibly, not like a conventional technology in which the program update means as a whole is implemented to be tamper-resistant. That is to say, for the above-described process to be achieved, only the card 0107 and the secure module 0207 need to be implemented as tamper-resistant. Thus the portion required to be tamper-resistant is greatly reduced.

Also, when the right to play back a content is requested, the card 0107 confirms the authenticity of the terminal surely, and when the check on the authenticity of the terminal results in an NG, the program for the terminal is updated. Thus, according to this structure, the program is updated surely when the content is to be played back. This makes it possible to update the software of the revoked terminal surely. In the present embodiment, the above-described process is performed when the content is played back. However, not limited to this, the process may be performed, for example, when the content is recorded. In this way, the software can be updated forcibly at desired timings other than when the content is played back.

Next, the operation of the terminals (the terminal N 0105 and the terminal Z 0106) that cannot be connected with the Internet 0108 will be described. In the following description, the terminal N 0105 is used as an example. Note that the terminal Z 0106 operates in the same manner as the terminal N 0105 described in the following since it has the same structure as the terminal N 0105.

FIG. 15 is a flowchart showing the operation of the content distribution system 0100 in updating the program for the terminal N 0105 that cannot be connected with the server 0101 via the Internet 0108. It is presumed here that the terminal N 0105 has been revoked and that a CRL entry including the terminal ID of the terminal N 0105 exists in the CRL database 1202 of the server 0101. It is also presumed that the update program and the authentic PCR value corresponding thereto are stored in the corresponding CRL entry in the CRL database 1202. Here, since the terminal N 0105 cannot be connected with the server 0101 via the Internet 0108, it purchases the right using the terminal A 0102, and the use of the content and the right on the terminal N 0105 becomes possible by using the card 0107. In the following, the operation of the content distribution system 0100 will be described with reference to the flowchart shown in FIG. 15.

The terminal A 0102 performs the terminal boot process and the right purchase process as described in steps S1101 and S1102 of FIG. 11. Here; the terminal A 0102 stores a downloaded content into the content storage unit 0807 of the card 0107 so that the terminal N 0105 can play back the downloaded content.

The terminal N 0105 performs the terminal boot process in accordance with the terminal boot flow shown in FIG. 6 (step S1503)

As a result of this, the PCR in the secure module 0707 of the terminal N 0105 has a value that depends on the programs running on the terminal N 0105.

Next, the card 0107 is moved from the terminal A 0102 to the terminal N 0105 so that the content having been purchased on the terminal A 0102 is played back on the terminal N 0105. The terminal N 0105 runs the playback control program 0711 to play back the content, and the playback control program 0711 requests the card 0107 to output the key. The card 0107 runs the right confirmation/key generation program 0811 that operates as shown in FIG. 10. Here, the right confirmation/key generation program 0811 adds the terminal ID of the terminal N 0105 into the CRL database, and creates a CRL entry including the terminal ID of the terminal N 0105 (step S1504).

After this, the right confirmation/key generation program 0811, in step S1003, performs the authentication of the terminal N 0105 (step S1505). Here, the right confirmation/key generation program 0811 refers to the CRL database 0805 and detects a CRL entry that includes the terminal ID of the terminal N 0105. However, since there is no authentic PCR value, the right confirmation/key generation program 0811 performs the authentication of the terminal N 0105 using the PCR value stored in the program certificate 0712 of the terminal N 0105. When the PCR value obtained from the secure module 0707 of the terminal N 0105 does not match the PCR value stored in the program certificate 0712 (NG in step S1505), it is judged that the terminal is not authentic, and the right confirmation/key generation program ends the process.

When it is judged that the terminal is authentic (OK in step S1505), the right confirmation/key generation program 0811 performs the right confirmation process S1004, then decrypts the content encryption key for the content stored in the content storage unit 0807, and outputs the decrypted key to the terminal N 0105 (step S1506).

The playback control program 0711 of the terminal N 0105 decrypts the content stored in the content storage unit 0807 of the card 0107 using the content encryption key received from the card 0107, and plays back the decrypted content (step S1507). Note that the content may be played back after it is transferred from the content storage unit 0807 of the card 0107 to the content storage unit 0706 of the terminal N 0105.

Next, the card 0107 is inserted into the terminal A 0102 so that the right on the content is purchased newly using the card 0107. The following describes a flow for purchasing the right on the content on the terminal A 0102.

The terminal A 0102 performs the right purchase process by the right purchase control program 0210 using the card 0107, as shown in FIG. 3 (step S1508). The card 0107 performs the right purchase process by running the right purchase program, as shown in FIG. 9. The content downloaded when the right is purchased is stored into the content storage unit 0807 of the card 0107.

Since the terminal N 0105 has been revoked, the right purchase program 0810 stores an update program for the terminal N 0105 and a corresponding authentic PCR value from the server 0101 into the CRL database 0805 (step S1509). The CRL database 0805 of the card 0107 has a CRL entry including the terminal ID of the terminal N 0105. As a result, in the CRL update process (step S0903) of the right purchase program 0810, the terminal ID of the terminal N 0105 is used when a search in the CRL database 1202 of the server 0101 is performed. In this search, it is found that a CRL entry including the terminal ID of the terminal N 0105 exists in the CRL database 1202. The right purchase program 0810 thus retrieves the update program for the terminal N 0105 and the authentic PCR value from the CRL entry in the CRL database 1202, and stores them into a CRL entry including the terminal. ID of the terminal N 0105, in the CRL database 0805 of the card 0107.

Next, the card 0107 is inserted into the terminal N 0105 so that the content is played back on the terminal N 0105. The following describes the content playback operation on the terminal N 0105.

The terminal N 0105 updates the program for the terminal N 0105 in the same manner as the terminal A 0102 performs the process in step S1104 of FIG. 11 (step S1510).

The terminal N 0105 requests the card 0107 to output the key in the same manner as the terminal A 0102 does in step S1105 of FIG. 11. This causes the card 0107 to perform authentication of the terminal (step S1511). When the authenticity is confirmed (OK in step S1511), the content encryption key is output from the card 0107 to the terminal N 0105.

On the other hand, when the program has not been updated because the playback control program 0711 of the terminal N 0105 for performing the program update process had been tampered by a malicious party (NG in step S1511), the PCR value obtained from the secure module 0707 of the terminal N 0105 does not match the PCR value stored in the CRL database 0805 of the card 0107, and the terminal N 0105 is judged as not authentic, and the process for the terminal N 0105 ends.

When the program has been updated correctly (OK in step S1511), the content encryption key is output from the card 0107 (step S1512).

The playback control program 0711 of the terminal N 0105 decrypts a content stored in the content storage unit 0807 of the card 0107, using the content encryption key received from the card 0107, and plays back the decrypted content (step S1513). Note that the content may be played back after it is transferred from the content storage unit 0807 of the card 0107 to the content storage unit 0706 of the terminal N 0105.

With the above-described structure, it is possible even for a terminal such as the terminal N 0105 that cannot be connected with the server 0101 via the Internet 0108, to revoke the terminal and update the program.

Also, in the above-described structure, the card 0107 stores only revocation lists that correspond to terminals that have used the card 0107 once. The structure thus makes it possible even for the card 0107 having small resources to deal with the revocation lists.

Also, off course, this structure produces advantageous effects in the same manner as the structure for the terminal connected with a network.

<Modifications>

Up to now, the present invention has been described through an embodiment thereof. However, the present invention is not limited to the embodiment, but includes, for example, the following modifications.

(1) In the embodiment described above, the update target is software. However, it may be applied to a system for updating the hardware structure information. A specific example of such hardware is a reconfigurable processor.

(2) In the embodiment described above, each program for controlling the card, terminal, or server runs on the operating system. However, not limited to this, the operating system may not necessarily be required when the application programs or the like are written in a language that can be directly processed by the processor.

(3) In the embodiment described above, the PCR is a hash value. However, not limited to this, the PCR may be any value in so far as it can be used to detect a tampering. For example, it may be a value generated by encrypting part of a program, or may be a check sum of a program.

(4) In the embodiment described above, when the key is requested, it is judged whether or not the terminal has been revoked. However, not limited to the key information, the judgment may be performed when there is a request for any other information which should not be given to an unauthorized terminal because it would be disadvantageous. Further, the process performed by the terminal is not limited to a playback of a content. For example, the terminal may perform a process on a database that deals with personal information. In this case, the timing at which it is judged whether or not the terminal has been revoked may be when a request for personal information is received from the terminal.

(5) In the embodiment described above, the card 0107 judges whether or not the terminal has been revoked. However, not limited to this, the server may judge whether or not the terminal has been revoked, when, for example, the server provides the right information. In this case, the terminal may transmit the PCR, together with the request for the right information. Also, the server stores the authentic PCR, and when the PCR received from the terminal does not match the authentic PCR (namely, when the judgment result is NG), it updates the program for the terminal. Description of the detailed process is omitted since it is the same as the update process that is performed between the terminal and the card.

(6) In the embodiment described above, the terminal is rebooted after the program is updated. However, not limited to this, the process may be continued without rebooting when the update is small enough to exclude the necessity for the reboot. That is to say, after the update of the program is completed, rebooting of the terminal may be omitted, and the key information may be output to the terminal, and the content may be decrypted and played back.

(7) As described above, one aspect of the present invention is an information processing device comprising a terminal and a card detachable from the terminal, the terminal including: a terminal measuring unit operable to measure a characteristic of a program running on the terminal and stores the measured characteristic; a program storage unit storing the program running on the terminal; and a program update unit operable to update the program stored in the program storage unit, the card including: an update program storage unit storing an update program of the terminal; an authenticity confirming unit operable to confirm whether or not the terminal is authentic using information obtained from the terminal measuring unit; a secret information providing unit operable to provide secret information held in the card to the terminal only when the authenticity confirming unit judges that the terminal is not authentic; and a program output unit operable to output the update program stored in the update program storage unit to the program update unit.

In the above-stated information processing device, the card further includes: a terminal ID storage unit storing a terminal ID of a terminal with which the card was connected at least once; an update program obtaining unit operable to, when the terminal with which the card is connected is connectable to a network, obtain, from a server, an update program associated with the terminal ID stored in the terminal ID storage unit, and store the obtained update program into the update program storage unit; an authenticity confirmation information storage unit storing authenticity confirmation information of a terminal associated with the update program obtained by the update program obtaining unit; authenticity confirmation information obtaining unit operable to, when the terminal with which the card is connected is connectable to a network, obtain, from the server, authenticity confirmation information associated with the update program obtained by the update program obtaining unit, and store the obtained authenticity confirmation information into the authenticity confirmation information storage unit, wherein authenticity of the terminal is confirmed using the authenticity confirmation information obtained by the authenticity confirming unit from the authenticity confirmation information storage unit.

With the above-described structure, it is possible to provide a program update method that does not depend on the reliability of the update module itself.

Also, it is possible to modify an unauthorized terminal to an authorized terminal by updating a program, without making a revoked terminal inoperable. This enables a playback of a content to be continued. Accordingly, the structure makes it possible to maintain the soundness of the content distribution system, preventing the user from suffering a damage from making' a revoked terminal inoperable.

Furthermore, with this structure, even a terminal that cannot be connected with the Internet can update the program since it updates the program using a mechanism provided in the card.

Another aspect of the present invention is an information recording device that is used together with an information processing device operated by a program, and stores information to be used by the information processing device, the information recording device comprising: a receiving unit operable to receive an information access request from an information processing device; an update program storage unit storing an update program for operating the information processing device; an obtaining unit operable to, when the access request has been received, obtain characteristic information of a program that operates the information processing device that issued the access request; an authenticity confirming unit operable to confirm authenticity of the program that operates the information processing device, based on the characteristic information; and an output unit operable to output the update program to the information processing device when it is confirmed that the program is not authentic.

With the above-described structure, when it has been confirmed that a program that operates the information processing device that has requested information to the information recording device is not authentic, the program is updated by the update program. Accordingly, it is possible to force a device, which intends to use information, to update the program.

In the above-stated information recording device of the present invention, the output unit may further output the information to the information processing device only after it is confirmed that the program is authentic.

With the above-described structure, the information processing device cannot obtain the requested information unless it is judged that the program is authentic. Accordingly, to obtain the information for which it has issued an access request, the information processing device needs to update the program. Thus, it is possible to force the device to update the program.

The above-stated information recording device of the present invention may further comprise an authentic characteristic information storage unit storing authentic characteristic information that is characteristic information of an authentic program for operating the information processing device, wherein the authenticity confirming unit confirms whether or not the program is authentic, by comparing the authentic characteristic information with the characteristic information received from the information processing device.

With the above-described structure, the information recording device can confirm whether or not the program of the information processing device is authentic, based on the characteristic information.

In the above-stated information recording device of the present invention, the receiving unit may further obtain a piece of identification information for identifying the information processing device, together with the access request, the update program storage unit stores one or more pieces of identification information for identifying one or more information processing devices that issued an access request in past, and stores one or more update programs for the one or more information processing devices in one-to-one correspondence with the one or more pieces of identification information, and the output unit outputs an update program for the information processing device identified by the piece of identification information that was received together with the access request.

With the above-described structure, even when the information recording device is shared by a plurality of information processing devices, it is possible to output an appropriate update program to each information processing device.

In the above-stated information recording device of the present invention, when the access request is received from another information processing device, the update program storage unit may additionally store a piece of identification information for identifying said another information processing device.

With the above-described structure, the information recording device can manage update programs with respect to all information processing devices from which the access request was received at least once in past.

In the above-stated information recording device of the present invention may further comprise: a transmitting unit operable to transmit the piece of identification information for identifying the information processing device stored in the update program storage unit, to a server that provides the update program; and an obtaining unit operable to obtain, from the server, an update program for an information processing device identified by the transmitted piece of identification information, wherein the update program storage device stores the obtained update program in association with the piece of identification information.

With the above-described structure, when the update program has been upgraded with respect to an information processing device managed by the information recording device itself, the information recording device can obtain and record the upgraded update program onto the device itself.

The above-stated information recording device may be a portable recording medium.

With the above-described structure, it is possible to force even an information processing device that cannot be connected with the Internet to update the program since a mechanism provided in the portable information recording device is used to update the program.

A further aspect of the present invention is an information processing device that is operated by a program and is used together with an information recording device which confirms authenticity of the program based on characteristic information of the program, the information processing device comprising: a characteristic information calculating unit operable to calculate characteristic information of the program; a transmitting unit operable to transmit the calculated characteristic information to the information recording device when the information processing device issues an access request for information recorded on the information recording device; a receiving unit operable to receive either information or an update program for the information processing device, depending on a result of a judgment for confirmation made by the information recording device; and an update unit operable to, when the update program has been received, update the program by the received update program.

With the above-described structure, when the information processing device is to send a request for information to the information recording medium, and when it is detected that a program that operates the information processing device itself is an unauthorized one, the information processing device can update the program.

In the above-stated information processing device of the present invention, the characteristic information calculating unit may be protected by means of a tamper resistant structure thereof.

With the above-described structure, it is possible to prevent the characteristic information from being tampered by an unauthorized analyzer. Accordingly, when a program that operates the information processing device is an unauthorized one, it is possible to update the program in a more ensured manner. Also, protecting merely the characteristic information calculating unit is enough to prevent the above-mentioned unauthorized action. Accordingly, this makes it possible to forcibly update the program at a lower cost than the case where the whole device is made tamper-resistant.

Further, the present invention can be achieved as a system, program update method, program, or integrated circuit that includes the above-described features of the information recording device and the information processing device, producing the same advantageous effects.

(8) Each of the above-described devices is specifically a computer system that includes a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse and the like. A computer program is stored in the RAM or the hard disk unit. The microprocessor operates in accordance with the computer program and causes each device to achieve the functions. The computer program is composed of a plurality of instruction codes that instruct the computer to achieve predetermined functions.

(9) Part or all of the structural elements constituting the devices described above may be achieved in one system LSI (Large Scale Integration). The system LSI is an ultra multi-functional LSI that is manufactured by integrating a plurality of components on one chip. More specifically, the system LSI is a computer system that includes a microprocessor, ROM, RAM and the like. A computer program is stored in the RAM. The microprocessor operates in accordance with the computer program, thereby enabling the system LSI to achieve its functions.

Each part of structural elements constituting each of the above-described devices may be achieved on one chip, or part or all thereof may be achieved on one chip.

Although the term system LSI is used here, it may be called IC, LSI, super LSI, ultra LSI or the like, depending on the level of integration. It is also possible to use the FPGA (Field Programmable Gate Array), with which a programming is available after the LSI is manufactured, or the reconfigurable processor that can re-configure the connection or setting of the circuit cells within the LSI.

Furthermore, a technology for an integrated circuit that replaces the LSI may appear in the near future as the semiconductor technology improves or branches into other technologies. In that case, the new technology may be incorporated into the integration of the functional blocks constituting the present invention as described above. Such possible technologies include biotechnology.

(10) Part or all of the structural elements constituting each of the above-described devices may be achieved as an IC card or a single module that is attachable/detachable to or from each device. The IC card or module is a computer system that includes a microprocessor, ROM, RAM, and the like. The IC card or module may include the aforesaid ultra multi-functional LSI. The microprocessor operates in accordance with the computer program and causes the IC card or module to achieve the functions. The IC card or module may be tamper resistant.

(11) The present invention may be methods shown by the above. The present invention may be a computer program that allows a computer to realize the methods, or may be a digital signal representing the computer program.

Furthermore, the present invention may be a computer-readable recording medium such as a flexible disk, a hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD RAM, BD (Blu-ray Disc), or a semiconductor memory, that stores the computer program or the digital signal. Furthermore, the present invention may be the digital signal recorded on any of the aforementioned recording mediums.

Furthermore, the present invention may be the computer program or the digital signal transmitted via an electric communication line, a wireless or wired communication line, a network of which the Internet is representative, or a data broadcast.

Furthermore, the present invention may be a computer system that includes a microprocessor and a memory, the memory storing the computer program, and the microprocessor operating according to the computer program.

Furthermore, by transferring the program or the digital signal via the recording medium, or by transferring the program or the digital signal via the network or the like, the program or the digital signal may be executed by another independent computer system.

(12) The present invention may be any combination of the above-described embodiments and modifications.

INDUSTRIAL APPLICABILITY

The present invention is applicable to an information processing device that updates programs. 

1. An information processing system comprising an information processing device and a portable information recording device that is attachable and detachable to and from the information processing device, wherein the information processing device includes: a first storage unit storing an operation program including a plurality of computer instructions for operating the information processing device; a measuring unit operable to measure an amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of a judgment which is made by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the first storage unit in accordance with the received update program, and the information recording device includes: an information holding unit holding the secret information safely; a second storage unit storing the update program for updating the operation program; a receiving unit operable to receive the request for secret information from the information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program is authentic, using the measured amount of characteristics; and an output unit operable to output the secret information held by the information holding unit to the information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the second storage unit to the information processing device when the judging unit judges that the operation program is not authentic.
 2. The information processing system of claim 1, wherein the information recording device further includes: an identifier storage unit storing a device identifier for identifying an information processing device that was connected with the information recording device in past; a first obtaining unit operable to obtain, from the server device via a network and the information processing device connected with the network, an update program that is associated with the device identifier stored in the identifier storage unit, and write the obtained update program to the second storage unit; an authenticity information storage unit; and a second obtaining unit operable to obtain, from the server device via the network and the information processing device connected with the network, authenticity confirmation information that is associated with the update program stored in the second storage unit and is used to confirm authenticity of the operation program, and write the obtained authenticity confirmation information to the authenticity information storage unit, wherein the judging unit judges whether or not the operation program is authentic, in accordance with the authenticity confirmation information written to the authenticity information storage unit.
 3. A portable information recording device that is attachable and detachable to/from an information processing device, the information recording device comprising: an information holding unit holding secret information safely; a program storage unit storing an update program for updating an operation program including a plurality of computer instructions for operating the information processing device; a receiving unit operable to receive a request for the secret information from the information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program is authentic using an amount of characteristics of the operation program, the amount of characteristics being measured by and obtained from the information processing device; and an output unit operable to output the secret information held by the information holding unit to the information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the program storage unit to the information processing device when the judging unit judges that the operation program is not authentic.
 4. The information recording device of claim 3 further comprising an authentic information storage unit storing an authentic amount of characteristics being an amount of characteristics of an authentic operation program, wherein the judging unit judges whether or not the operation program is authentic, by comparing the authentic amount of characteristics with the measured amount of characteristics obtained from the information processing device.
 5. The information recording device of claim 3, wherein the program storage unit stores one or more device identifiers for identifying one or more information processing devices that were connected with the information recording device at least in past, and stores one or more update programs for the one or more information processing devices in one-to-one correspondence with the one or more device identifiers, and the output unit outputs an update program which corresponds to a device identifier for identifying an information processing device that is an issuer of the received request.
 6. The information recording device of claim 5, wherein the receiving unit further receives, together with the request, a device identifier for identifying the information processing device that is the issuer of the received request, the program storage unit stores one or more device identifiers for identifying one or more information processing devices that issued the request in past, and stores one or more update programs for the one or more information processing devices in one-to-one correspondence with the one or more device identifiers, and the output unit outputs an update program for an information processing device identified by the device identifier received together with the request.
 7. The information recording device of claim 6, wherein when the request is received from another information processing device, the program storage unit further stores additionally a device identifier for identifying said another information processing device.
 8. The information recording device of claim 7 further comprising: a transmitting unit operable to transmit a device identifier stored in the program storage unit, to a server device that provides the update program; and an obtaining unit operable to obtain, from the server device, an update program for an information processing device identified by the transmitted device identifier, wherein the program storage device stores the obtained update program in association with the device identifier.
 9. The information recording device of claim 3 being a portable memory card.
 10. The information recording device of claim 3, wherein the judging unit performs the judgment using a verification process provided by a structure certification technology standardized by Trusted Computing Group (TCG).
 11. An information processing device to which a portable information recording device is attached, the information processing device comprising: a first storage unit storing an operation program including a plurality of computer instructions for operating the information processing device; a measuring unit operable to measure an amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of a judgment made by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the first storage unit in accordance with the received update program.
 12. The information processing device of claim 11, wherein the measuring unit is protected by means of a tamper resistant structure thereof.
 13. The information processing device of claim 11 further comprising a certifying unit that is structured as a Trusted Platform Module standardized by Trusted Computing Group (TCG), and generates, at least in accordance with the measured amount of characteristics, certificate information for certifying authenticity of the information processing device.
 14. A program update method for use in a portable information recording device that is attachable and detachable to/from an information processing device, the information recording device comprising: an information holding unit holding secret information safely; and a program storage unit storing an update program for updating an operation program including a plurality of computer instructions for operating the information processing device, the program update method comprising the steps of: receiving a request for the secret information from the information processing device; judging, when the receiving unit has received the request, whether or not the operation program is authentic using an amount of characteristics of the operation program, the amount of characteristics being measured by and obtained from the information processing device; and outputting the secret information held by the information holding unit to the information processing device when the judging step judges that the operation program is authentic, and outputting the update program stored in the program storage unit to the information processing device when the judging step judges that the operation program is not authentic.
 15. A computer program for updating a program that is for use in a portable information recording device that is attachable and detachable to/from an information processing device, the information recording device comprising: an information holding unit holding secret information safely; and a program storage unit storing an update program for updating an operation program including a plurality of computer instructions for operating the information processing device, the computer program causing a computer to perform the steps of: receiving a request for the secret information from the information processing device; judging, when the receiving unit has received the request, whether or not the operation program is authentic using an amount of characteristics of the operation program, the amount of characteristics being measured by and obtained from the information processing device; and outputting the secret information held by the information holding unit to the information processing device when the judging step judges that the operation program is authentic, and outputting the update program stored in the program storage unit to the information processing device when the judging step judges that the operation program is not authentic.
 16. An integrated circuit that constitutes a portable information recording device that, is attachable and detachable to/from an information processing device, the information recording device including: an information holding unit holding secret information safely; and a program storage unit storing an update program for updating an operation program including a plurality of computer instructions for operating the information processing device, the integrated circuit comprising: a receiving unit operable to receive a request for the secret information from the information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program is authentic using an amount of characteristics of the operation program, the amount of characteristics being measured by and obtained from the information processing device; and an output unit operable to output the secret information held by the information holding unit to the information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the program storage unit to the information processing device when the judging unit judges that the operation program is not authentic.
 17. An information processing system comprising: a server device; a first information processing device that is connectable with the server device via a network; a second information processing device not having a function to connect with the server device via a network; and a portable information recording device that is attachable and detachable to/from each information processing device, wherein the second information processing device has been revoked, the server device stores an update program for updating an operation program for operating the second information processing device, the information recording device is attached to the first information processing device, the first information processing device obtains the update program from the server device via the network and outputs the obtained update program to the information recording device, the information recording device is attached to the second information processing device, the information recording device includes: an information holding unit holding secret information safely; a first storage unit receiving the update program from the first information processing device and storing the received update program; a receiving unit operable to receive a request for the secret information from the second information processing device; a judging unit operable to, when the receiving unit has received the request, judge whether or not the operation program stored in the second information processing device is authentic, using an amount of characteristics measured by the second information processing device; and an output unit operable to output the secret information held by the information holding unit to the second information processing device when the judging unit judges that the operation program is authentic, and output the update program stored in the first storage unit to the second information processing device when the judging unit judges that the operation program is not authentic, and the second information processing device includes: a second storage unit storing the operation program including a plurality of computer instructions for operating the second information processing device; a measuring unit operable to measure the amount of characteristics of the operation program when the operation program is loaded; a requesting unit operable to send a request for the secret information to the information recording device; a receiving unit operable to receive either the secret information or an update program, depending on a result of the judgment made, by the information recording device to confirm whether or not the operation program is authentic; and an update unit operable to, when the receiving unit has received the update program, update the operation program stored in the second storage unit in accordance with the received update program.
 18. An information processing method for use in an information processing system that comprises: a server device; a first information processing device that is connectable with the server device via a network; a second information processing device not having a function to connect with the server device via a network; and a portable information recording device that is attachable and detachable to/from each information processing device, wherein the second information processing device has been revoked, the server device stores an update program for updating an operation program for operating the second information processing device, the information recording device includes an information holding unit holding secret information safely, the second information processing device includes a storage unit storing the operation program including a plurality of computer instructions for operating the second information processing device, and the information processing method comprises the steps of: when the information recording device has been attached to the first information processing device, causing the first information processing device to obtain the update program from the server device via the network, and outputting the obtained update program to the information recording device; when the information recording device has been attached to the second information processing device, causing the information recording device to obtain the update program from the first information processing device, and storing the obtained update program; causing the information recording device to receive a request for the secret information from the second information processing device; when the information recording device has received the request, causing the second information processing device to judge whether or not the operation program stored in the second information processing device is authentic, using an amount of characteristics measured by the second information processing device; outputting the secret information held by the information holding unit to the second information processing device when the information recording device judges that the operation program is authentic, and outputting the update program stored in the information recording device to the second information processing device when the judging unit judges that the operation program is not authentic; causing the second information processing device to measure the amount of characteristics of the operation program when the operation program is loaded; causing the second information processing device to send a request for the secret information to the information recording device; causing the second information processing device to receive either the secret information or an update program, depending on a result of the judgment made by the information recording device to confirm whether or not the operation program is authentic; and causing the second information processing device to, when the update program has been received, update the operation program stored in the second storage unit in accordance with the received update program. 